On Wed, 24 May 2017 00:59:29 +0200 Leo Gaspard <l...@gaspard.io> wrote:
> On 05/23/2017 04:32 PM, Greg Kurz wrote:
> > v2: - posted patch for CVE-2017-7493 separately
> > - other changes available in each patch changelog
> >
> > Leo,
> >
> > If you find time to test this series, I'll gladly add your Tested-by: to
> > it before merging.
>
> Just tested with a base of 2.9.0 with patches [1] [2] (from my
> distribution), [3] (required to apply cleanly) and this patchset.
>
> Things appear to work as expected, and .virtfs_metadata{,_root} appear
> to be neither readable nor writable by any user.
>
Shall I add your Tested-by: to the patch then ?
> That said, one thing still bothering me with the fix in [3] is that it
> still "leaks" the host's uid/gid to the guest when a corresponding file
> in .virtfs_metadata is not present (while I'd have expected it to appear
> as root:root in the guest), but that's a separate issue, and I guess
> retro-compatibility prevents any fixing it.
>
Heh, I had a tentative patch to create root:root credentials and 0700 mode
bits by default... but this could indeed break some setups, so I decided
not to post it.
> Thanks for these patches!
Thanks for the testing! :)
Cheers,
--
Greg
> Leo
>
>
> [1]
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
>
> [2]
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/qemu/no-etc-install.patch
>
> [3] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
>
pgpY2AamtOOTf.pgp
Description: OpenPGP digital signature
